In the past week, OpenAI has been introducing the capabilities of its latest cybersecurity product, GPT-5.4-Cyber, to U.S. federal agencies, state governments, and "Five Eyes Alliance" intelligence sharing partners, hoping to promote relevant government departments to join its cybersecurity dedicated access program. The company held a closed-door event in Washington, D.C., inviting about 50 professionals from across the federal government who are responsible for daily cybersecurity work to demonstrate the specific functions of this new model and explain the access process and hierarchical management arrangements.
OpenAI stated that government agencies applying to access GPT-5.4-Cyber need to pass the same review process as commercial customers before they can join its "Trusted Access for Cyber" program.
Institutions and businesses of all kinds are currently competing to use the latest generation of artificial intelligence tools, which have huge potential benefits in network defense and may also bring more dangerous attack methods to malicious hackers. The launch of OpenAI's new model comes on the heels of rival Anthropic's release of a preview version of its cybersecurity model Mythos, and both companies are currently negotiating with government agencies to decide which units can access related systems to what extent. Anthropic has not released Mythos publicly due to concerns about the risk of cyberattacks, instead opening a limited trial to about 40 companies and organizations, including at least two U.S. federal government agencies. In contrast, OpenAI adopts a "dual-track" strategy: on the one hand, a version is more widely available to ordinary users under strong security protection conditions; on the other hand, through the "Network Trusted Access" plan, a version with looser network operations and stronger functions is opened to defenders.
At a presentation in Washington, Chris Lehane, OpenAI’s head of global affairs, said the dual-track model will help give more critical but resource-constrained agencies - such as local water utility operators - the opportunity to use advanced AI tools to strengthen their defense capabilities. Sasha Baker, head of national security policy at OpenAI, told attendees that the company hopes to establish closer cooperative relationships with government departments at all levels, prioritize the most critical cybersecurity application scenarios, and build cross-industry threat intelligence sharing channels. OpenAI is also working with U.S. state governments to open up access to GPT-5.4-Cyber.
At the same time, OpenAI has initiated communication with the “Five Eyes Alliance” member states and plans to conduct special briefings to relevant intelligence and government agencies in Australia, Canada, New Zealand, and the United Kingdom within this week to promote these partners to complete reviews and obtain model access. As a long-term intelligence sharing mechanism, the "Five Eyes Alliance" is regarded as the core circle of the United States in cybersecurity cooperation. Unlike OpenAI's smooth progress, Anthropic's deployment within the U.S. government has been complicated by the fact that the Pentagon once classified the company as a "supply chain risk," a label that stemmed from a previous fierce controversy surrounding AI security safeguards. However, despite this risk determination, the National Security Agency (NSA) is currently testing the potential of the Mythos model for practical application in cyber defense.
Judging from the early use of enterprises and institutions that have obtained access rights, whether it is OpenAI's GPT-5.4-Cyber or Anthropic's Mythos preview version, the main purpose is to help users more efficiently discover exploitable security vulnerabilities in their own internal systems. This is particularly critical for many government agencies that have long relied on legacy IT systems, where patching is difficult and security burdens are heavy. With the help of these more automated and intelligent tools, they are expected to significantly speed up the troubleshooting and repair of serious vulnerabilities, improving the overall network defense level even with limited resources.